Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
P3p
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
X-UA-Device
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
X-Proxy-Cache
Keep-Alive
X-Server
X-Ws-Request-Id
X-Age
X-Dns-Prefetch-Control
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Apo-Via
X-Device
X-WebKit-CSP
Accept-CH
Cf-Railgun
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
X-Backend-Server
Request-Id
X-Cache-Spec
X-Cache-Lookup
X-HW
X-Content-Security-Policy-Report-Only
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Accept-Ch-Lifetime
Fastly-Restarts
Permissions-Policy
X-Nginx-Upstream-Cache-Status
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
X-Mcache
X-Content-Type
Content-Location
X-Url
X-MS-InvokeApp
X-CST
X-Clacks-Overhead
X-Country
Rating
X-Midtier
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-VARITI-CCR
X-Element-Page-Cache
Origin-Trial
Verso
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Server-Name
X-Rack-Cache
X-Ttl
X-Ac
X-ECACHE
X-GitHub-Request-Id
X-Powered-By-Plesk
X-Cnection
Service-Worker-Allowed
X-Client-IP
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
Xkey
X-Abt-Application-Version
Edge-Control
X-B3-TraceId
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-Upstream
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Browser-Type
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Cached
X-Mg-S
X-Varnish-TTL
X-Webkit-Csp
X-Dw-Request-Base-Id
X-Px
X-Cache-Key
X-FastCGI-Cache
Display
X-Sol
Pagespeed
X-Middleton-Display
X-SRCache-Store-Status
X-Correlation-Id
X-SRCache-Fetch-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Forwarded-For
X-Country-Code
Content-MD5
X-Goog-Hash
X-Powered-CMS
TCN
Front-End-Https
X-Version
X-Id
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
Public-Key-Pins
AR-SID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-MSEdge-Ref
X-Ratelimit-Limit
X-T
X-Content-Digest
X-Recruiting
X-XRDS-Location
X-Ser
X-Amzn-Trace-Id
X-RateLimit-Remaining
Accept-Ch
X-Accel-Expires
Response
X-Middleton-Response
X-Daa-Tunnel
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Nginx-Cache
S
Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Server-Node
X-HS-Combine-CSS
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-Request-Processing-Time
X-HS-Cache-Config
Cache-Tags
X-Distributor
X-Ratelimit-Remaining
X-Hits
X-Kinsta-Cache
X-Edge-Location-Klb
Cross-Origin-Opener-Policy
X-LB-Cache
X-Fastcgi-Cache
Fastcgi-Cache
X-Origin-Server
X-Ua-Browser
X-Ratelimit-Reset
Alternate-Protocol
X-Ezoic-Cdn
Server-Name
X-Grace
X-DIS-Request-ID
X-PressLabs-Stats
Filterid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Geo-Country
X-Request-Handler-Origin-Region
X-Fastly-Request-ID
X-Microsite
X-Rid
X-Frontend
X-Hostname
X-LLID
Healthy
X-Protected-By
X-Git-Hash
Payment
X-Varnish-Backend
X-FB-Debug
Cleartype
X-Logged-In
X-Debug-Info
X-Page-Id
X-Load-Cache
X-Www-Served-By
X-DataDome
X-Forwarded-Proto
X-NGENIX-Cache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cluster-Name
DC
X-Origin-Cache
MS-Author-Via
Realpath
Content-Disposition
Charset
X-ASPNET-VERSION
X-ECache
Access-Control-Allow-Method
X-B3-Sampled
X-Goog-Metageneration
X-GUploader-UploadID
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Proxy
X-Az
X-AppVersion
X-Activity-Id
X-F-Cache
X-Seen-By
X-Amz-Replication-Status
Retry-After
X-B3-Traceid
Paypal-Debug-Id
Cross-Origin-Resource-Policy
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Request-Guid
X-Whom
Viewport
X-Revision
X-Route-Name
X-Fb-Rlafr
X-Is-Crawler
X-Azure-Ref
X-Providence-Cookie
X-Flags
X-Contextid
Count-Hit
X-Aspnet-Duration-Ms
Surrogate-Key
X-App-Environment
X-Wix-Request-Id
Accept-Charset
X-Hosted-By
Amp-Access-Control-Allow-Source-Origin
X-B
X-Signature
X-B-Cache
X-Server-ID
X-TTL
X-Varnish-Server
X-Akamai-Edgescape
X-TT
X-DynaTrace
X-Aspnetmvc-Version
X-VCache
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Cache-Age
X-Language
X-Source
X-App-Server
X-Cache-Control
X-Times
Referer-Policy
X-Mobile
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Fastly-Request-Id
X-Varnish-Grace
X-Magnolia-Registration
Host
X-Envoy-Decorator-Operation
X-COUNTRY
Version
X-HTML-Minification-Powered-By
X-N
X-Tt-Trace-Tag
X-Cache-Rule
X-Tt-Trace-Host
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
WPO-Cache-Message
WPO-Cache-Status
X-Tumblr-User
X-Response-Served-From
Refresh
X-Original-Request-Id
X-Cache-Time
SRV
MS-CV
X-RTag
X-Rule
Ms-Operation-Id
X-Varnish-Ttl
Access-Control-Request-Headers
X-Varnish-Age
X-Framework
X-Cache-Status-Check
X-EdgeConnect-Cache-Status
SD-X-WS
X-FW-Dynamic
Section-Io-Cache
X-User-Agent
X-FW-Hash
X-Cacheable-TTL
X-UUID
GEO-INFO
X-Backend-Name
X-Page-View
X-Cache-Grace
Akamai-GRN
X-ProcessESI
X-Content-Powered-By
X-FW-Server
X-RemovedCookies
X-FW-Static
X-FW-Type
X-FW-Version
X-FW-Serve
X-Instance
X-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Protected
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
X-Cache-Expired-At
X-G
X-Jobs
X-Device-Type
X-Akamai-Request-ID2
CDN-RequestId
From-Origin
X-Environment-Context
X-NYM-Debug-Backend
X-Trace-Id
X-L-Path
X-Http-Reason
X-Drupal-Cache-Contexts
X-Amz-Apigw-Id
X-Servername
Url
X-Amzn-RequestId
NGB
X-Adobe-Loc
X-Adobe-Content
X-Region
X-Template
X-RateLimit-Limit
Front
X-CDN-Forward
Accept-Language
X-Debug-IsConnected
X-Debug-IsPreview
X-Nginx-Cache
X-Unique-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
X-XRDS-LOCATION
X-Content-Options
Backend
Fastly-SWR
Fastly-SIE
Country
X-Zen-Fury
Liferay-Portal
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-TIME
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Tb
X-Mode
X-Cache-Operation
Content-Secure-Policy
X-Tt-Logid
X-Real-IP
Webserver
Filters
X-Rocket-Nginx-Serving-Static
Meta-Geo
X-Tumblr-Pixel-2
X-Proxy-Cache-Info
X-Rewrite-Enabled
X-Generation-Time
X-Amzn-Remapped-Content-Length
X-RN-RSRV
Uber-Trace-Id
X-UPSTREAM-Address
X-Cache-Server
X-Newrelic-App-Data
X-Node-Name
X-Tec-Api-Origin
Selected-Fe
X-Tec-Api-Root
X-Access
X-IPS-LoggedIn
Azure-InstanceId
X-Tec-Api-Version
X-Content-Age
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
CF-IPCountry
Cache-Hits
X-Proxy-Build
X-Format
X-Timing-Wait
X-Section
X-Web-Node
Onion-Location
ServedBy
X-Sql-Duration-Ms
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-Sucuri-Cache
X-UA-Device-Type
X-Locale
Cache-Name
X-Sucuri-ID
TWC-Locale-Group
Property-Id
Webcakes-App-Name
X-Say-TTL
X-Ms-Request-Id
X-SayCDN-TTL
X-Origin-Hint
X-PHP-Backend
X-Say-Cacheable
X-Proto
X-Debug
X-Cluster-Node
Webcakes-App-Version
X-R9-Blue-Green-Version
Webcakes-Region
X-Sql-Count
X-Server-W
X-Soup
TWC-Privacy
X-Ms-Version
Node
X-Cache-Action
X-Ua
X-Cache-Host
X-Cache-TTL-Remaining
Web-Mar-Node
X-Site-Version
ServerID
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Via-Fastly
X-Cms-Context
X-ProxyCache-Status
X-Reqid
X-Forwarded-Host
S-Rt
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Handled-By
X-Labrador-Cache-Channel
X-PHP-Host
DB-Nickname
X-BYPASS-REASON
X-Uri
X-VC-Cache
X-Adobe-Source
X-LJ-Flow-ID
X-AWS-Id
X-WP-CF-Super-Cache-Cache-Control
X-LAGOON
X-Routing-Service
X-JoinUs
X-Detected-As
X-FB-TRIP-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-Proxied
X-Cluster
X-Origin-Date
X-WP-CF-Super-Cache
X-Tumblr-Pixel-3
X-Zipkin-Id
X-Extlb
X-SaId
X-VWS-Id
Cross-Origin-Window-Policy
X-Edge-Location
Mn-Server-Ip
X-Xfnlog-Site
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Optimistic-Header
X-No-Session
Apigw-Requestid
Mime-Version
Fastcgi-Useragent
X-GeoCountry
X-LSADC-Cache
Countrycode
X-GeoCode
WP-Super-Cache
X-ARC
X-Ruxit-Js-Agent
X-App-Version
X-Buckets
Source
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-Uid
X-Time
X-Director
CDN-Cache
CDN-RequestCountryCode
Upgrade-Insecure-Requests
X-Hl-Ver
Cache-Tv-Group
X-Oneagent-Js-Injection
X-Varnish-Hits
Fastly-Drupal-HTML
X-Generated-By
X-GEO
X-Request-Time
X-Mg-Request-UUID
X-Cache-Debug
X-Redis-Cache
X-Tx-Id
Frame-Options
Xet-Cookie
CF-Cached-On
X-Loop
X-Origin-TTL
X-Varnish-Cache-Hits
X-Origin-CC
X-RM-Cache-TTL
X-Varnish-Hostname
X-URL
X-Pass-Why
X-SRV
X-FireWall-Port
X-ServerID
X-TNCMS
X-Api-Version
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Sorting-Hat-PodId
X-Datadog-Sampling-Priority
X-TA-CDN-Provider
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
Load-Balancing
X-Akamai-Transformed
X-Pubstack
X-Served-From
X-CACHE-AGE
X-Location
X-Newrelic-Synthetics
X-Endurance-Cache-Level
Xserver
X-NWS-UUID-VERIFY
Server-Info
X-Service
A
T-Server
Candidate-Md5Url
Cache-Host
BehaviorPad-Version
X-A
Thinkindot-CacheControl-Type
Thinkindot-Control
WWW-Authenticate
Thinkindot-CacheControl
DCR-Decision-By
X-A-Ccd
Edge-Cache
Surrogated-Key
Odigeo-Trace-Id
Ngx.Var.Host
Sslversion
Origin
Req-Svc-Chain
Release
Redirect-Candidate
Meta-Geo-Continent
Memcached
Gannett-Cam-Experience-Id
Rendered-Blocks
DSUID
X-A-Dam
Host-ID
MD5-Digest
Lang
DCR-Processing-Time-Ms
X-Vdms-Path
X-S-Cookie
X-External-Request-Id
X-S
X-Gdpr
X-Rojux
X-Epic-Correlation-Id
X-S-Maxage
X-SRCache-Key
X-Ec-GeoHdr
X-Sigma-Backend
X-Sigma
X-ScT
X-Rocket-Build-Number
X-Processor
X-Mobile-URL
X-Nyt-Route
X-INCAP-ABP
X-Level-Front-Cache
X-Loc
X-Httpd
X-Generated-On
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Origin-Time
X-Ec-Fail
X-Test
X-Bip
X-BCube-Filmed-By
X-Cache-Date
X-Cache-Info
X-Cache-NE
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-A-Wwc
X-A-Dgt
X-Aed
X-Application
X-B-Cookie
Xc-Version
X-CMSURLCustom
X-Mid
X-Developer
X-TIM-N
X-Thinkindot-L3
X-Thanos
X-Vdms-Version
X-Destination
X-Conf
X-CUA
X-We-Are-Hiring
X-D
X-A-Dcw
TDXMobile
X-Request-Host
X-Storage
X-B3-Spanid
X-Restarts
X-Developers
X-Ec-Custom-Error
X-Clara-WADP
X-Geo-Header
X-Has-Esi
X-HS-Content-Campaign-Id
X-GeoIP-City
X-GeoIP
X-Cdn-Srv
X-Fmm-Version
X-Auto-Login
NM-Fastcgi-Cache
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Mail-Subject
Magicmarker
Section-Io-Origin-Status
Section-Io-Id
X-Akamai-Device-Characteristics
X-Human
We-Hiring
X-Varnish-Beresp-Ttl
Server-Host
X-Cache-Bucket
X-JWT-State
X-WP-CF-Super-Cache-Active
Country-Code
X-Worker
X-WADP-Cache
X-VServer
X-Cdn-Origin
X-Core-Mission
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Hash
X-Vmg-Version
X-Varnishpool
X-Org
X-Node-Id
X-Mvc-Supplant-Cachable
Gh-Request-Id
X-Origin
X-Origin-Response-Time
X-Varnish-Beresp-Status
X-Var-Ttl
X-SD-PageType
X-Pool
X-Is-Gdpr
X-Fetched-On
Fastly-GeoIP-CountryCode
AKAMAI
Fastly-Backend-Name
CacheControlHeader
C-Via
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Cache-Key
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
X-Parent-Response-Time
X-Irp-Debug
X-Gen-Mode
Canary
X-GeoIP-Country-Code
X-Gzip
X-Frame-Option
X-GeoIP-Region-Code
Cache-Provider
X-HN
X-FC-Vary-Parameters
X-Block-Status
X-Cache-Id
X-Cache-Tags
X-Azure-Ref-OriginShield
X-App
X-Ad-Defer-Variation
Datacenter
Click-Count-Error
Click-Count-Action-Start
X-Dispatcher-Server
X-Esi-Check
CDCHOST
X-Device-Os
X-DefHash
X-Core-Value
X-DefElseHash
X-Forwarded-Site
X-Nginx-Cache-Key
X-CacheTTL
X-Date
X-Dispatcher-Number
X-Accel-Expires-Debug
X-Wix-Viewer-Type
X-VG-TLSProxy
X-WA-Info
X-Fastly-Backend
X-Fastly-Cache
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Server-IP
X-Region-Sid
X-Gamma-Serve
X-Men
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Op-Id-All
Adler-Geo
X-NodeID
X-Accel-Buffering
X-Mly-Id
X-NCache
X-Platform
X-Qloud-Router
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Variation
X-Scale
X-Req
X-Request-Start
X-LB-NoCache
X-Hnp-Log
User-Cache-Control
Tube-Get-Contents
Wxu-Next-Commit
Server-Hostname
Is-Eu
Tube-Return
Origin-CC
Web-Mar-Region
Platform
Vix-Hermes-Req-Id
Server-Ext
PFcat
Origin-EX
Kp-EeAlive
On-Server
NGX
Tube-Got-Results
Tube-Got-Eval
Machine
L
Ssr
Wxu-Next-Hostname
Sever-Int
Wxu-Next-Region
X-Air-Pt
Ha-Gx-Prefs
HA-Ipaddr
X-DPWN-IS-SECURE
X-Eu-Site
X-Instance-Name
Fastly-SSL
X-Owner
X-V-Cache
L5d-Success-Class
State
Environment
Cmsid
Cmstype
X-SB
X-Platform-Server
X-Old-Content-Length
Producers
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Minions-Version
X-Origin-Expires
X-CSRF-Token
X-Csrf-Jwt
X-Ckpd-Fst-Backend
X-CGP
X-Cache-Remote
X-Presslabs-Stats
X-Cache-FS-Status
X-Release
X-Mvc-Supplant-OutputCached
Pics-Label
Decoy-Debug-Status
X-Tb-Optimization-Total-Bytes-Saved
Cluster
Decoy-Debug-TTL
X-Provided-By
X-Cache-Backend
Decoy-Debug-Key
X-Nananana
X-Microcachable
X-Tid
X-Webkit-CSP-Report-Only
X-Aicache-OS
Expect-Staple
X-FL-QIT-DEBUG
GeoIP-Latitude
Locid
X-DC
X-Refresh
Srvid
X-FL-EDGE
Env
X-Response-By
X-Zone
HostName
X-Correlation-ID
X-RCS-CacheZone
X-NewRelic-App-Data
Memory
Time
X-Vcl-Version
X-Via-CDN
X-Generated-In
X-Up
X-Cache-Enabled
X-ND-Cache
X-Servedbyhost
X-From
X-Dc
Edge-Copy-Time
X-Via-SSL
SID
X-Via-Edge
X-Trace-ID
X-Edge-Pop
X-Cached-By
Svr
X-DataCenter
X-Srv
Cache
NtCoent-Length
X-Vc
Sid
X-Debug-Cache-Store
X-VC
X-Debug-Cache-Fetch
X-Lambda-Id
X-Nc
X-Webkit-CSP
X-Via-Popn
X-Vgn-Hpd-Cached
X-HS-Status
X-Via-Poph
X-Via-Popv
X-Wa
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-ZONE
X-AIR-PT
Cdn
X-NGINX-Cache
X-VCT
X-Render-Time
X-HA-Backend
X-Cs
X-Esi
X-Vtex-Remote-Cache
Fastly-Drupal-Html
GeoIp-Country-Code
Hostname
CPC-Cache
X-Hcs-Proxy-Type
VNS-Cache
CPC-Age
X-CLOUD-TRACE-CONTEXT
X-Client-Ip
Server-ID
X-CCDN-CacheTTL
VNS-Age
X-CCDN-Origin-Time
X-Check-Cacheable
X-AK-Request-ID
X-LB-ID
X-Upstream-Ht
X-TH-Server
True-Client-IP
Cdncip
Cdnsip
X-Amz-Meta-Cb-Modifiedtime
X-Via-JSL
X-Upstream-Ct
X-B3-SpanId
X-Cache-Type
X-Gateway-Skip-Cache
X-Fpc
X-CSRF-TOKEN
X-Gateway-Cache-Key
X-Via-NSCOPI
X-Gateway-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-Gateway-Cache-Status
X-Proxy-CacheRZ
XkeyRZ
X-ATG-Version
X-Varnish-Authentication
X-API-Version
X-Cache-ASPX
Uri
X-Contensis-Viewer-Groups
X-CS
XServer
X-Varnish-Beresp-TTL
M-TraceId
X-Nf-Request-Id
X-EC-Lua
X-Udemy-Cache-App-Namespace
Eomportal-Instance
Esi-Enabled
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
Resin-Trace
X-RateLimit-Limit-Second
OT-Force-Account-Verify
X-RateLimit-Remaining-Second
X-Micro-Cache
X-MSEdge-Flight
X-MSEdge-Features
Ngx-Var-Key
X-FPC
X-APP-VERSION
True-Client-Ip
X-MP-GENERATED-AT
X-Datadome
Srv
CDN
N-Cache
X-CDN-Cache-Status
X-Wikidot-Backend
Path
X-Wikidot-Static-Cache
Request-ID
YJS-ID
X-Bl-Debug
X-Cache-NGX
X-SIPLIST1
X-Shop-Environment
X-Forwarded-Path
RNT-Machine
RNT-Time
X-Lb-Id
X-Fastly-Country-Code
IsBot
X-Tenant
X-Orig-Expires
X-Request-URI
X-VCL-Version
X-Cache-Ttl
X-Info
GeoIP-Country-Code
Server-Id
LB
X-B3-Trace-ID
X-Accel-Version
X-Service-Response-Time
Lb
Sm-Log-Id
X-Ha-Backend
X-Policy
X-App-Name
X-TX-ID
X-MCACHE
Location
X-Pod-Name
X-WA
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
X-RateLimit-Reset
X-Edge-POP
X-Akamai-Pragma-Client-IP
Hit
X-Cdn-Cache-Status
HIT
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Oss-Request-Id
X-Oss-Object-Type
Servername
X-Cdn-Request-ID
X-SERVER-NAME
X-Vcache
Ohc-File-Size
X-Cache-Expires
X-NC
X-Geo
X-Logging-Id
FSS-Cache
X-CACHE-KEY
X-Cdn-Diag
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Pramga
X-Snapshot-Date
Timeexpire
X-Git-Commit
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Container-Uri
Epwk-X-Cache
Yjs-Id
X-ServedByHost
Warning
ENV
Proxy-Connection
X-Ctl-Mach
Req-ID
X-Cdn-Forward
X-Scheme
X-TraceId
X-Amz-Meta-Opti
WZWS-RAY
X-UP
Traceparent
X-Fastly-Backend-Reqs
XM
X-LiteSpeed-Cache-Control
X-Moov-T
Geoip-Latitude
X-Serial
X-VG-WebCache
X-Tncms
X-Hyper-Cache
X-Moov-Xdn-Version
X-Dw-Trace-Id
X-M-Log
X-M-Reqid
X-MiniProfiler-Ids
True-Client-Country-4JS
CDN-RequestPullSuccess
V-Age
X-Acquia-Application-Trace
X-Acquia-Purge-Cdn-Unconfigured
X-RAMCache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Qnm-Cache
X-Acquia-Application-UUID
CDN-RequestPullCode
Content-Script-Type
X-B3-Parentspanid
Ec-Rule-Version
X-PERF
X-Viewer-Country
Cneonction
X-ApacheServer
X-Swift-Error
Content-Style-Type
X-Lb-Nocache
X-Wp-Cf-Super-Cache-Cache-Control
X-Lsadc-Cache
CountryCode
X-Wp-Cf-Super-Cache
X-F-Status
X-TT-LOGID
X-Cache-Ngx
X-Mid-Debug-Cache-Key
X-Request-URL
Inserted-Into-Cache-At
X-Iauth-Set-Uid
X-Mid-Debug-Cache-Disk
X-IPS-Cached-Response
Ohc-Cache-HIT
X-Webstats-RespID
X-Fastly-Cache-Hits
Ngx
X-Th-Server
X-B3-ParentSpanId
X-LiteSpeed-Tag
X-Litespeed-Cache-Control
MIME-Version
My-App
X-Mg-Cache